dealing with automation problems that ALL current browser automation engines have (WatiN, WatiR, Selenium, Cucumber, WebKit, QUnit, etc...) , and visualizing the data created using custom GUIs (note that O2 has native support for WatiN, NUnit and QUnit and has access/control to all of .NET's WinForms/WPF)

creating cached versions of the site (controlled by a built-inside-O2 web proxy),

... other OWASP projects? (if you are involved in an OWASP project that you think would be a good fit, please go for it)

What is interesting about TeamMentor is that it is a complex real world app (with legacy code), containing tons of WebServices and JavaScript/jQuery activity. This makes it very hard to test by today's tools (or even manual process).

Also very important, is the fact that we are dealing with a team/company that welcomes the 'Security' part of the SDL (which doesn't happen very often :) )

I'm very happy that SI is ok with this, and my hope is that this will allow us to have a number of interesting conversations/threads (hard to happen in test apps like WebGoat or HacmeBank, or apps where the main developers are not directly engaged in the process)

For the ones that can't come tonight, I will follow up later this week with more detailed instructions.